Re: [PATCH v2 04/18] security_dac: Restore label on failed chown() attempt

Daniel P. Berrangé <berrange@xxxxxxxxxx> · Thu, 6 Dec 2018 11:53:06 +0000

On Thu, Nov 29, 2018 at 02:52:19PM +0100, Michal Privoznik wrote:
> It's important to keep XATTRs untouched (well, in the same state
> they were in when entering the function). Otherwise our
> refcounting would be messed up.
> 
> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
> ---
>  src/security/security_dac.c | 20 +++++++++++++++++++-
>  1 file changed, 19 insertions(+), 1 deletion(-)
> 
> diff --git a/src/security/security_dac.c b/src/security/security_dac.c
> index 6b64d2c07a..8155c6d58a 100644
> --- a/src/security/security_dac.c
> +++ b/src/security/security_dac.c
> @@ -718,7 +718,25 @@ virSecurityDACSetOwnership(virSecurityManagerPtr mgr,
>      VIR_INFO("Setting DAC user and group on '%s' to '%ld:%ld'",
>               NULLSTR(src ? src->path : path), (long)uid, (long)gid);
>  
> -    return virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid);
> +    if (virSecurityDACSetOwnershipInternal(priv, src, path, uid, gid) < 0) {
> +        virErrorPtr origerr;
> +
> +        virErrorPreserveLast(&origerr);
> +        /* Try to restore the label. This is done so that XATTRs
> +         * are left in the same state as when the control entered
> +         * this function. However, if our attempt fails, there's
> +         * not much we can do. XATTRs refcounting is fubar'ed and
> +         * the only option we have is warn users. */
> +        if (virSecurityDACRestoreFileLabelInternal(mgr, src, path) < 0)
> +            VIR_WARN("Unable to restore label on '%s'. "
> +                     "XATTRs might have been left in inconsistent state.",
> +                     NULLSTR(src ? src->path : path));
> +
> +        virErrorRestore(&origerr);
> +        return -1;
> +    }
> +
> +    return 0;
>  }

Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>

THough I feel this could probably just be squashed into the patch that
integrates the label remembering, as it doesn't really do anything useful
on its own.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list